Windows 32/64-bit code injection is an attack technique commonly used by malware. In memory forensics, existing code-injection detection techniques cannot handle dynamic content when verifying integrity, and cannot accommodate different Windows versions when parsing in-memory data structures. A method for locating injected code by cross-validating the process stack against VAD information is therefore proposed: the function return addresses, module names and other information obtained by walking the stack frames are combined with the process's VAD structure to check each return address and match file names, thereby locating the injected code. A Windows code-injection detection plugin for the Volatility forensics framework, codefind, was developed. Test results show that the method still effectively locates 32/64-bit Windows code-injection attacks even when VAD nodes have been modified by the malware.
Malware attacks on Windows machines pose significant cybersecurity threats, necessitating effective detection and prevention mechanisms. Supervised machine learning classifiers have emerged as promising tools for malware detection. However, there remains a need for comprehensive studies that compare the performance of different classifiers specifically for Windows malware detection. Addressing this gap can provide valuable insights for enhancing cybersecurity strategies. While numerous studies have explored malware detection using machine learning techniques, there is a lack of systematic comparison of supervised classifiers for Windows malware detection. Understanding the relative effectiveness of these classifiers can inform the selection of optimal detection methods and improve overall security measures. This study aims to bridge the research gap by conducting a comparative analysis of supervised machine learning classifiers for detecting malware on Windows systems. The objectives include: investigating the performance of various classifiers, such as Gaussian Naïve Bayes, K Nearest Neighbors (KNN), Stochastic Gradient Descent Classifier (SGDC), and Decision Tree, in detecting Windows malware; evaluating the accuracy, efficiency, and suitability of each classifier for real-world malware detection scenarios; identifying the strengths and limitations of different classifiers to provide insights for cybersecurity practitioners and researchers; and offering recommendations for selecting the most effective classifier for Windows malware detection based on empirical evidence. The study employs a structured methodology consisting of several phases: exploratory data analysis, data preprocessing, model training, and evaluation. Exploratory data analysis involves understanding the dataset's characteristics and identifying preprocessing requirements. Data preprocessing includes cleaning, feature encoding, dimensionality reduction, and optimization to prepare the data for training. Model training utilizes various supervised classifiers, and their performance is evaluated using metrics such as accuracy, precision, recall, and F1 score. The study's outcomes comprise a comparative analysis of supervised machine learning classifiers for Windows malware detection. Results reveal the effectiveness and efficiency of each classifier in detecting different types of malware. Additionally, insights into their strengths and limitations provide practical guidance for enhancing cybersecurity defenses. Overall, this research contributes to advancing malware detection techniques and bolstering the security posture of Windows systems against evolving cyber threats.
The time dependent vehicle routing problem with time windows (TDVRPTW) is considered. A multi-type ant system (MTAS) algorithm hybridized with the ant colony system (ACS) and the max-min ant system (MMAS) algorithms is proposed. This combination absorbs the merits of the two algorithms in solution construction and optimization separately. In order to improve the efficiency of the insertion procedure, a nearest neighbor selection (NNS) mechanism, an insertion local search procedure and a local optimization procedure are specified in detail. In order to find a balance between good scouting performance and a fast convergence rate, an adaptive pheromone updating strategy is proposed in the MTAS. Computational results confirm the MTAS algorithm's good performance with all these strategies on classic vehicle routing problem with time windows (VRPTW) benchmark instances and on TDVRPTW instances, and better results, especially for the number of vehicles and the travel times of the best solutions, are obtained in comparison with previous research.
This paper describes a method for building a hot snapshot copy based on the Windows file system (HSCF). The architecture and running mechanism of HSCF are discussed after a comparison with other on-line backup technology. HSCF, based on a file system filter driver, protects computer data and ensures their integrity and consistency with the following three steps: access to open files, synchronization and copy-on-write. Its strategies for improving system performance are analyzed, including priority setting, incremental snapshots and load balance. HSCF is a new kind of snapshot technology that solves the data integrity and consistency problem in online backup, and it differs from other storage-level snapshot and Open File Solution approaches.
The optical windows used in aircraft protect their imaging sensors from environmental effects. Considering imaging performance, flat surfaces are traditionally used in the design of optical windows. For aircraft operating at high speeds, the optical windows should be relatively aerodynamic, but a flat optical window may introduce unacceptably high drag to the airframe. Linear scanning infrared sensors for aircraft with, respectively, a flat window, a spherical window and a toric window in front of the sensor are designed and compared. Simulation results show that the optical design using a toric surface has the integrated advantages of field of regard, aerodynamic drag, narcissus effect, and imaging performance, so the optical window with a toric surface is demonstrated to be suited for this application.
The periodic window is studied by means of symbolic dynamics and formal language. Firstly, a proper sampling period is taken and the orbital points of the periodic motion are obtained through a Poincaré mapping. Secondly, according to the method of symbolic dynamics for one-dimensional discrete mappings, the symbolic sequence describing the periodic orbit is obtained. Finally, based on the symbolic sequence, the corresponding minimal finite automaton is constructed and the entropy is obtained by calculating the maximal eigenvalue of the Stefan matrix. The results show that the orbits in periodic windows can be strictly marked using the method of symbolic dynamics, thus providing a foundation for controlling the switching between target orbits.
Principal component analysis (PCA) has already been employed for fault detection in air conditioning systems. The sliding window, which is composed of parameters satisfying thermal load balance, can select the target historical fault-free reference data as the template that is similar to the current snapshot data. The size of the sliding window is usually given according to empirical values, while the influence of different sliding window sizes on fault detection in an air conditioning system has not been further studied. The air conditioning system is a dynamic response process: the operating parameters change with the load, while the response of the controller is delayed. In a variable air volume (VAV) air conditioning system controlled by the total air volume method, in order to ensure sufficient response time, 30 data points are selected first, and then their multiples are selected. Three different sizes of sliding windows with 30, 60 and 90 data points are applied to compare the fault detection effect in this paper. The results show that if the size of the sliding window is 60 data points, the average fault-free detection ratio is 80.17% on fault-free testing days, and the average fault detection ratio is 88.47% on faulty testing days.
The computer numerical control (CNC) system is the base of modern digital and intelligent manufacturing technology, and an open architecture built on a PC and the Windows operating system (OS) is the main trend in CNC systems. However, even if the highest system priority is used in user mode, the real-time capability of Windows (2000, NT, XP) for applications is not guaranteed. By using a device driver running in kernel mode, the real-time performance of Windows can be enhanced greatly. The acknowledgment performance of Windows to peripheral interrupts was evaluated. Harmonized with an intelligent real-time serial communication bus (RTSB), strict real-time performance can be achieved on the Windows platform. An open-architecture, hardware-independent software CNC system is proposed based on a PC and RTSB. A numerical control real-time kernel (NCRTK), implemented as a device driver on Windows, is used to perform the NC tasks. Tasks are divided into real-time and non-real-time: real-time tasks run in kernel mode and non-real-time tasks run in user mode. Data are exchanged between kernel and user mode by DMA and Windows Messages.
The CO_(2) electrochemical reduction reaction (CO_(2)RR) to formate is a hopeful pathway for reducing CO_(2) and producing high-value chemicals, which needs highly selective catalysts with ultra-broad potential windows to meet industrial demands. Herein, nanorod-like bimetallic In_(2)O_(3)/Bi_(2)O_(3) catalysts were successfully synthesized by pyrolysis of bimetallic InBi-MOF precursors. The abundant oxygen vacancies generated from the lattice mismatch of Bi_(2)O_(3) and In_(2)O_(3) reduced the activation energy of CO_(2) to *CO_(2)·^(-) and improved the selectivity of *CO_(2)·^(-) to formate simultaneously. Meanwhile, the carbon skeleton derived from the pyrolysis of the organic framework of InBi-MOF provided a conductive network to accelerate electron transport. The catalyst exhibited an ultra-broad applied potential window of 1200 mV (from -0.4 to -1.6 V vs RHE), relatively high Faradaic efficiency for formate (99.92%) and satisfactory stability after 30 h. In situ FT-IR experiments and DFT calculations verified that the abundant oxygen vacancies on the surface of the catalysts can easily adsorb CO_(2) molecules, and that the oxygen vacancy path is the dominant pathway. This work provides a convenient method to construct high-performance bimetallic catalysts for the industrial application of CO_(2)RR.
PN (pseudo-noise) code tracking is the most challenging task in direct sequence spread spectrum code division multiple access (DS-CDMA) for cellular mobile communication systems. In this paper, the gravity of energy windows (GEW) tracking loop for the time and frequency uncertainty of the received signal is investigated, and the GEW's analytical results in a multi-path fading channel are introduced. The GEW tracking loop exploits the inherent multi-path diversity of the channel and has better performance than a single-path loop when working in a multi-path fading environment.
Left-handedness with three zero-absorption windows is achieved in a triple-quantum-dot system. With the typical parameters of a GaAs/AlGaAs heterostructure, simultaneous negative relative electric permittivity and magnetic permeability are obtained by the adjustable incoherent pumping field and two inter-dot tunnelings. Furthermore, three zero-absorption windows in the left-handedness frequency bands are observed. Left-handedness with zero absorption in the solid-state heterostructure may solve the challenges not only of left-handed materials achieved by the photonic resonant scheme but also of the application of negative refractive materials with a large amount of absorption.
Digital forensics aims to uncover evidence of cybercrimes within compromised systems. These cybercrimes are often perpetrated through the deployment of malware, which inevitably leaves discernible traces within the compromised systems. Forensic analysts are tasked with extracting and subsequently analyzing data, termed artifacts, from these systems to gather evidence. Therefore, forensic analysts must sift through extensive datasets to isolate pertinent evidence. However, manually identifying suspicious traces among numerous artifacts is time-consuming and labor-intensive. Previous studies addressed such inefficiencies by integrating artificial intelligence (AI) technologies into digital forensics. Despite the efforts in previous studies, artifacts were analyzed without considering the nature of the data within them, and those studies failed to prove their efficiency through specific evaluations. In this study, we propose a system to prioritize suspicious artifacts from compromised systems infected with malware to facilitate efficient digital forensics. Our system introduces a double-checking method that recognizes the nature of data within target artifacts and employs algorithms ideal for anomaly detection. The key ideas of this method are: (1) prioritize suspicious artifacts and filter the remaining artifacts using an autoencoder, and (2) further prioritize suspicious artifacts and filter the remaining artifacts using logarithmic entropy. Our evaluation demonstrates that our system can identify malicious artifacts with high accuracy and that its double-checking method is more efficient than alternative approaches. Our system can significantly reduce the time required for forensic analysis and serve as a reference for future studies.
Funding (comparative study of supervised classifiers for Windows malware detection): This research work is supported by Princess Nourah bint Abdulrahman University Researchers Supporting Project Number (PNURSP2024R411), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia.
Funding (hot snapshot copy based on the Windows file system, HSCF): Supported by the National Natural Science Foundation of China (60473023) and the National Innovation Foundation for Small Technology Based Firms (04C26214201280).
Funding (periodic windows studied via symbolic dynamics): This project is supported by the National Natural Science Foundation of China (No. 50075070).
Funding (sliding-window PCA fault detection for air conditioning systems): Fundamental Research Funds for the Central Universities of the Ministry of Education of China.
Funding (open-architecture software CNC system on Windows with RTSB): Supported by the National Natural Science Foundation of China (No. 50445004).
Funding (In_(2)O_(3)/Bi_(2)O_(3) catalysts for CO_(2)RR to formate): Financially supported by the National Natural Science Foundation of China (52072409), the Major Scientific and Technological Innovation Project of Shandong Province (2020CXGC010403), the Taishan Scholar Project (No. ts201712020) and the Natural Science Foundation of Shandong Province (ZR2021QE062).
Funding (left-handedness with zero-absorption windows in a triple-quantum-dot system): Supported by the National Natural Science Foundation of China under Grant No 61205205 and the Foundation for Personnel Training Projects of Yunnan Province under Grant No KKSY201207068.
Funding (artifact prioritization system for digital forensics): Supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2024-RS-2024-00437494) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation).